Spring Security REST for Grails exposes an endpoint /api/login which we can access with a POST request. We should supply our credentials (username and password) as parameters. If we are successfully authenticated we will get an access_token and a refresh_token.

We can do a GET request to our http://localhost:8080/api/announcements endpoint. We need to add an HTTP header:
Header Name: Authorization
Header Value: Bearer access_token

The access_token is the one we got back from the api/login endpoint.

The above request is illustrated here:

Note were are using a JSON Web Token (JWT) which we don’t need to store on the server side. The token validation is done without a repository (database or similar) call. Thus, better for the scalability of the application.

Access token expire. However in the api/login method we got a refresh token which we can use to get a new access token. We can do POST request as shown below:

Do you like to read about Groovy/Grails development? Yes, then Subscribe to Groovy Calamari a weekly curated email newsletter about the Groovy ecosystem which I write

What if I want to secure the “def announcements()” for 2 specific users? How can I do that?
I have tried so far….
@Secured([“authentication.name == ‘admin1′”, “authentication.name == ‘admin2′”])
@Secured(“authentication.name in [‘admin1’, ‘admin2’]”)
@Secured(“[‘admin1′,’admin2’].contains(authentication.name)”)

Hi Sergio,
Thank you for this great tutorial, there is just a small typo when you wrote “productAnnoucementService” but your called the service “ProductAnnouncement” (so the file would be: grails-app/services/myapp/ProductAnnouncementService.groovy), this cause the api controller to query on null object and I’ve spent sometime to discover that, but thank you anyway 🙂
Regards

It is very useful!
How is possibile to simply save access login into a database? I have tried to register an URI (/api/login) interceptor to store authentication tries, but it seems /api/login is not intercepteable…